The recent Computers, Privacy & Data Protection Conference (CPDP) showcased a series of innovative projects that are based on big data. Big data is one of the four imperatives that shape the age of the customer — one of Forrester’s main focus areas — and the changing regulatory framework of data protection in Europe has big implications for big data initiatives.

Central to data protection is the existing EU Data Protection Directive, which legislators have been trying to update for years to reflect the changing online realities. The proposed Data Protection Regulation focuses on a redefinition of the concept of “consent.” User consent now has to be freely given, specific, informed, and explicit.

This new definition forces businesses to be more transparent about how they gather, use, disclose, and manage customer data in the form of the principles of privacy notice and purpose limitation. Complying with these new privacy principles is a challenge in the age of the customer, as privacy regulation affects:

Real-time data collected by wearable devices. Wearables like smart socks, T-shirts, glasses, and fridges can provide insights into the user’s physical performance and health in real time. The implications for privacy are obvious — and will get more complex: At CPDP, Anne Wright of the Robotics Institute at Carnegie Mellon University explained how wearables empower personalized and enhanced medical treatments through self-tracking. Empirical results show that people dissatisfied with ordinary treatments are able to adjust their drug dosage to meet their specific needs and habits and improve their conditions considerably.

Real-time location data collected from network traffic. Last year, telecoms provider Orange collected and shared with several universities some 2.5 billion anonymized records from calls and text messages exchanged between 5 million users in Ivory Coast, one of the markets in which it operates. Orange shared the data freely with researchers at these universities with the aim of encouraging development projects for Ivory Coast citizens. To date, 260 such projects have been delivered. Orange will repeat its “data4development” initiative in 2014 in Senegal.

Real-time location data collected through tracking and tracing. For instance, by tracking a shopper's Bluetooth or Wi-Fi connection, retailers can know when he is visiting their shops, in which areas of the shop he spends most time, and which items caught his attention. Retailers could use this information to send shoppers product information or personalized advertising.

Big data is about the volume, the velocity, and the type of data. But speakers at CPDP also made it explicit that big data initiatives ignore privacy at their own risk. Managing principles like explicit consent, privacy notice, and purpose limitation is business-critical in the age of the customer. The fact that regulators often lag behind the pace of technology and that the legal tools to protect customers effectively are lacking does not provide peace of mind. The attention paid to privacy issues will keep on rising. The leading customer-obsessed enterprises take action to make their own customers feel safe.

Customer-obsessed enterprises don’t think about privacy as a legal requirement. They think of privacy as an element of competitive advantage. Hence, we believe that chief risk and security officers, CIOs, and business leaders will join forces to address privacy in a more holistic manner.